1) I have uncovered a new important fact that changes the nature of the infection
2) In my first post ( http://www.geekstogo...ml#topicoptions ) I have overzealously replied to my post five times with log files as requested in a related topic by another user and only then have I noticed that this should not be done because only unreplied topics are being handled.
I apologize - but this is following two sleepless nights struggling with the infections.
To get to the point, the infected computer runs Win XP Home SP3. Looking at the files, I have become suspicious of the Windows\system32\drivers\ntfs.sys file because it is dated 21/08/2009 and is 630kB rather than 574kB as on my other system and the Windows XP CD. My suspicions grew as I discovered that this file is locked for opening (even in Safe mode) and won't allow copying.
What I did was boot the suspect computer to Linux Knoppix; I was able to go online and submit the suspect file to the Kaspersky file scan (www.kaspersky.com/scanforvirus). Sure enough, the report says:
ntfs.sys - infected by Virus.Win32.Protector.c
Previously I had believed it was only the braviax.exe file - the other details with the requisite logs are available in my other topic:
http://www.geekstogo...ml#topicoptions
Of course, I will happily repost the logs here, if requested.
I am waiting (and begging) for help.
--
Robert
Edited by rlew, 25 August 2009 - 01:37 AM.